none
Vista GPO for Automatic Updates RRS feed

  • Question

  • Hi,

    We have about 110 Vista worktations rolled out throughout our company. We use SMS 20003 SP3 to approve and push MS security patches out to our Vista and XP SP2 workstations.  Basically I do not want users workstations connecting to Windows Update.

    We have a GPO created to deny user access to Windows Automatic Updates:

    Computer Configuration (Disabled)
    No settings defined.

    User Configuration (Enabled)
    Administrative Templates

    Start Menu and Taskbar
    Policy Setting
    Remove links and access to Windows Update Enabled

    System
    Policy Setting
    Windows Automatic Updates Enabled

    Windows Components/Windows Update
    Policy Setting
    Remove access to use all Windows Update features Enabled

    The GPO is applied against USERS.  This policy is being pushed to Windows XP SP2 and Vista workstations. The XP SP2 workstations work correctly and cannot access Windows Update through the Automatic Updates applet in Control Panel.  On a Vista workstation, even though the option in the Automatic Updates applet are greyed out, the workstation is still going to Windws Update and downloading and installing the updates after being released by MS on patch Tuesday.

    Shouldn't access to this be disabled based on the GPO mentioned above?

    I ran a GPRESULT on the affected workstations and the policy is applying.

    Any ideas?

    Paul

    Thursday, January 10, 2008 7:34 PM

Answers

  • Hi Paul,

     

    Could you please also try to configure these settings in a Windows Vista local policy to see if it works? Also, if the problem persists, send the screen shot you mentioned and save the event log as *evt to the scedata@microsoft.com for further research.

     

    Thanks. 

     

    Wednesday, January 16, 2008 8:59 AM

All replies

  • Hi Paul,

     

    Does this problem occur with all the Windows Vista workstations? Based on my test, it works fine. Please check if the option of "Check for updates" has been grayed out in Windows update and cannot access http://windowsupdate.microsoft.com on Windows Vista.

     

    BTW, Please note user configuration cannot be applicable for local user, if users are logging into with local user, the policy cannot be applied. 

     

     

    Hope it helps.

    Tuesday, January 15, 2008 9:29 AM
  •  

    Thanks for the reply...

     

    This problem occurs on all Vista workstations.  The option for "Check for Updates" is selected but is greyed out and can't be changed by the user.  When user goes to website it tells him to to use the windows update in control panel icon.  The "Check for Updates" is greyed out but it looks like th workstation checks with WindowsUpdate (I have a screen shot if you'd like to see it).

     

    Before the workstation was given to the user the Automatic Updates settings were not changed from the default settings.  Wanted to make the changes using group policy.

     

    I checked the System event log on one of the affected workstations and the updates were applied using Automatic Updates (I have a sceen shot of this as well).

     

    Paul 

    Tuesday, January 15, 2008 6:57 PM
  • Hi Paul,

     

    Could you please also try to configure these settings in a Windows Vista local policy to see if it works? Also, if the problem persists, send the screen shot you mentioned and save the event log as *evt to the scedata@microsoft.com for further research.

     

    Thanks. 

     

    Wednesday, January 16, 2008 8:59 AM